package cn.highedu.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
// @EnableWebSecurity //Spring MVC 启用Web安全功能，Spring Boot 会自动配置
// @EnableGlobalMethodSecurity(prePostEnabled = true) //启用方法安全设置
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 配置Web安全
        http.authorizeRequests()
                .mvcMatchers("/accounts/*").hasRole("USER") // tom
                .mvcMatchers("/accounts/editAccount.html").hasRole("ADMIN");
        // 使用表单登录
        http.formLogin().permitAll();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.debug(true);
        web.debug(true).ignoring().mvcMatchers("/actuator/**", "/orders/**","/rewards/**");
        // 忽略静态资源的安全控制
        // web.ignoring().mvcMatchers("/images/**", "/js/**", "/css/**", "/**/favicon.ico");

    }

    // 配置 AuthenticationManage 用于支持编程式登录
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
